diff options
-rw-r--r-- | configure.ac | 11 | ||||
-rw-r--r-- | lib/gnutls.pc.in | 2 | ||||
-rw-r--r-- | lib/nettle/Makefile.am | 4 | ||||
-rw-r--r-- | lib/nettle/sysrng-bcrypt.c | 88 |
4 files changed, 104 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index 145f4502ed..a09cbfd92d 100644 --- a/configure.ac +++ b/configure.ac @@ -532,6 +532,10 @@ if test "$gl_gcc_warnings" = yes; then gl_WARN_ADD([-fdiagnostics-show-option]) fi +if test "$gl_cv_opt_valgrind_tests" != no; then + gl_WARN_ADD([-fno-builtin-strcmp]) +fi + AC_SUBST([WERROR_CFLAGS]) AC_SUBST([WSTACK_CFLAGS]) AC_SUBST([WARN_CFLAGS]) @@ -596,6 +600,13 @@ fi AM_CONDITIONAL(HAVE_LIBIDN2, test "$with_libidn2" != "no") +if test "x$have_vista_dynamic" = "xno"; then + AC_CHECK_TYPES([BCRYPT_ALG_HANDLE],[LIBBCRYPT="-lbcrypt"],[],[#include <windows.h> + #include <bcrypt.h>]) +fi +AM_CONDITIONAL(HAVE_BCRYPT, test "$ac_cv_type_BCRYPT_ALG_HANDLE" = "yes") +AC_SUBST([LIBBCRYPT]) + AC_ARG_ENABLE(non-suiteb-curves, AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]), enable_non_suiteb=$enableval, enable_non_suiteb=yes) diff --git a/lib/gnutls.pc.in b/lib/gnutls.pc.in index 15d3ab057c..0ed41e2ddd 100644 --- a/lib/gnutls.pc.in +++ b/lib/gnutls.pc.in @@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the GNU system URL: https://www.gnutls.org/ Version: @VERSION@ Libs: -L${libdir} -lgnutls -Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@ @LIBNCRYPT@ +Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@ @LIBNCRYPT@ @LIBBCRYPT@ @GNUTLS_REQUIRES_PRIVATE@ Cflags: -I${includedir} diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am index 936f20c6ad..aae87e0902 100644 --- a/lib/nettle/Makefile.am +++ b/lib/nettle/Makefile.am @@ -49,7 +49,11 @@ libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c init.c \ int/block8.h backport/block-internal.h if WINDOWS +if HAVE_BCRYPT +libcrypto_la_SOURCES += sysrng-bcrypt.c +else libcrypto_la_SOURCES += sysrng-windows.c +endif else if HAVE_GETENTROPY libcrypto_la_SOURCES += sysrng-getentropy.c diff --git a/lib/nettle/sysrng-bcrypt.c b/lib/nettle/sysrng-bcrypt.c new file mode 100644 index 0000000000..10dc9ac83a --- /dev/null +++ b/lib/nettle/sysrng-bcrypt.c @@ -0,0 +1,88 @@ +/* + * Copyright (C) 2010-2016 Free Software Foundation, Inc. + * Copyright (C) 2015-2016 Red Hat, Inc. + * Copyright (C) 2000, 2001, 2008 Niels Möller + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GNUTLS. + * + * The GNUTLS library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> + * + */ + +/* Here are the common parts of the random generator layer. + * Some of this code was based on the LSH + * random generator (the trivia and device source functions for POSIX) + * and modified to fit gnutls' needs. Relicenced with permission. + * Original author Niels Möller. + */ + +#include "gnutls_int.h" +#include "errors.h" +#include <locks.h> +#include <num.h> +#include <nettle/yarrow.h> +#include <errno.h> +#include <rnd-common.h> +#include <hash-pjw-bare.h> + +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> + +/* The windows randomness gatherer. + */ + +#include <windows.h> +#include <bcrypt.h> + +get_entropy_func _rnd_get_system_entropy = NULL; + +static BCRYPT_ALG_HANDLE device_fd = 0; + +static +int _rnd_get_system_entropy_win32(void* rnd, size_t size) +{ + NTSTATUS err = BCryptGenRandom(device_fd, rnd, size, 0); + if (!BCRYPT_SUCCESS(err)) { + _gnutls_debug_log("Error in BCryptGenRandom: %ld\n", err); + return GNUTLS_E_RANDOM_DEVICE_ERROR; + } + + return 0; +} + +int _rnd_system_entropy_check(void) +{ + return 0; +} + +int _rnd_system_entropy_init(void) +{ + NTSTATUS err = BCryptOpenAlgorithmProvider + (&device_fd, BCRYPT_RNG_ALGORITHM, NULL, 0); + if (!BCRYPT_SUCCESS(err)) { + _gnutls_debug_log("error in BCryptOpenAlgorithmProvider!\n"); + return GNUTLS_E_RANDOM_DEVICE_ERROR; + } + + _rnd_get_system_entropy = _rnd_get_system_entropy_win32; + return 0; +} + +void _rnd_system_entropy_deinit(void) +{ + BCryptCloseAlgorithmProvider(device_fd, 0); +} |